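<?php
# Backend "user" create / edit page.
#
# Request contract (as consumed below):
#   GET  func        - "add" or "edit"; anything else aborts the request.
#   GET|POST user_id - required for func=edit; must be a non-negative integer string.
#                      It arrives in the query string on first load and in a hidden
#                      POST field on submit, hence $_REQUEST.
#   POST do=do       - marks a form submission; form fields: name, email, pwd, status.
#
# Helpers and globals used here are defined by the includes, not in this file:
#   string_sql() (SQL quoting), verify_field() / $error_strs (field validation),
#   iif(), add_log(), redirect(), fetch_alt_ip(), $database.
include_once('_path.php');
include_once("../includes/init.php");

$quote = array();

# Request-level guard: only the two supported modes may proceed.
$func = isset($_GET['func']) ? $_GET['func'] : '';
if ($func != "add" && $func != "edit") {
	die("func error.");
}
$action = $func;

# verify_field() reports into $error_strs; make sure the count() below never
# sees an undefined variable if the includes did not initialise it.
if (!isset($error_strs)) {
	$error_strs = array();
}

# Defaults so the form renders with empty fields when creating a user
# ($rs[0] is undefined in "add" mode and must not be read).
$rs = array();
$user_id = null;
$name = $email = $actived = $status = $sex = $birthday = $location = $intro = $avatar = '';

if ($action == "edit") {
	$user_id = (isset($_REQUEST['user_id']) && is_string($_REQUEST['user_id']))
		? trim($_REQUEST['user_id']) : '';
	# Digits only: ids are integers. is_numeric() would also accept "1e3", "1.5", " 7"...
	if (!ctype_digit($user_id)) {
		die("The user is not found");
	}
	$quote['user_id'] = string_sql($user_id);
	$sql = "SELECT u.*, ui.* FROM user u LEFT JOIN user_info ui ON u.id = ui.user_id WHERE u.id = ".$quote['user_id'];
	$rs = $database->queryArray($sql);
	if (count($rs) != 1) {
		die("The user is not found");
	}

	# Preset the form from the stored record (ui.* columns may be NULL when no user_info row exists).
	$name = $rs[0]['name'];
	$email = $rs[0]['email'];
	$actived = $rs[0]['actived'];
	$status = $rs[0]['status'];
	$sex = $rs[0]['sex'];
	$birthday = $rs[0]['birthday'];
	$location = $rs[0]['location'];
	$intro = $rs[0]['intro'];
	$avatar = $rs[0]['avatar'];
}

if (isset($_POST['do']) && $_POST['do'] == "do") {
	# NOTE(review): the form carries no anti-CSRF token; any submission that
	# reaches this branch with a valid backend session is accepted.
	# Submitted fields; absent fields read as '' (an unchecked checkbox sends nothing).
	$name = isset($_REQUEST['name']) ? trim($_REQUEST['name']) : '';
	$quote['name'] = string_sql($name);
	$email = isset($_REQUEST['email']) ? trim($_REQUEST['email']) : '';
	$quote['email'] = string_sql($email);
	$pwd = isset($_REQUEST['pwd']) ? trim($_REQUEST['pwd']) : '';
	$status = isset($_REQUEST['status']) ? trim($_REQUEST['status']) : '';
	$quote['status'] = string_sql($status);

	# Field validation (results land in $error_strs).
	verify_field("name", "user Name", "minlength", 4);
	verify_field("name", "user Name", "maxlength", 20);
	verify_field("name", "user Name", "empty");
	verify_field("email", "Email", "empty");
	verify_field("email", "Email", "email");
	if ($action == "add") {
		# A new account needs a password; on edit an empty one means "unchanged".
		verify_field("pwd", "Password", "empty");
	}

	# Uniqueness of name and email. When editing, the record itself is excluded
	# so an unchanged name/email is not reported as a duplicate.
	$exclude = ($action == "edit") ? " AND id != ".$quote['user_id'] : "";
	$dup = $database->queryFirst("SELECT id FROM user WHERE name = ".$quote['name'].$exclude);
	if (isset($dup['id']) && $dup['id'] > 0) {
		$error_strs['name'] = "user name is already exists.";
	}
	$dup = $database->queryFirst("SELECT id FROM user WHERE email = ".$quote['email'].$exclude);
	if (isset($dup['id']) && $dup['id'] > 0) {
		$error_strs['email'] = "email is already exists.";
	}

	# No validation errors: write to the database and redirect.
	if (!count($error_strs)) {
		# NOTE(review): md5() is not a password hash. The login code (not in this
		# file) compares against this value, so moving to password_hash() /
		# password_verify() has to be done on both sides together.
		if ($action == "add") {
			$sql = "INSERT INTO user ".
				"(name, pwd, email, actived, lasttime, lastip) VALUES ("
				.$quote['name'].", "
				.string_sql(md5($pwd)).", ".$quote['email'].", 1, "._CONST_TIMENOW.", ".string_sql(fetch_alt_ip()).")";
			$database->execute($sql);
			$user_id = $database->getInsertId();
			# Companion profile row; the id comes from the database, not the request.
			$database->execute("INSERT INTO user_info (user_id) VALUES (".(int)$user_id.");");
			add_log('do_add', 'user', "add user id is $user_id");
		} else {
			# Only replace the stored password when a new one was typed.
			$pwd_set = ($pwd !== '') ? ", pwd = ".string_sql(md5($pwd)) : "";
			$sql = "UPDATE user SET ".
				"name = ".$quote['name'].", email = ".$quote['email'].", status = ".$quote['status'].
				$pwd_set." WHERE id = ".$quote['user_id'];
			$database->execute($sql);

			add_log('do_edit', 'user', "edit user id is $user_id");
		}
		$_REQUEST['referrer'] = "./";
		redirect("OK");
	}
}

$css = array('index', 'table', 'form');
$js = array();
include_once("../layout/_header.php");
?>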
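<div id="path">
	<ul>
		<li><a href="<?php echo _CONST_WEB_URL ?>"><?php echo _CONST_WEB_NAME?></a></li>
		<li><a href="<?php echo _CONST_BACKEND_URL ?>index.php">Backend</a></li>
		<?php
		if ($action == "add") {
			add_log('add', 'user');
		?>
			<li><a href="./">User</a></li><li>New user</li>
		<?php
		} else {
			add_log('edit', 'user', "edit user id is $user_id");
			# $name is either the stored user name or the value just submitted by the
			# form, so it is escaped for HTML here like the input field further down.
		?>
			<li><a href="./">User</a></li>
			<li>Edit &quot;<?php echo htmlspecialchars((string)$name, ENT_QUOTES) ?>&quot; user</li>
		<?php
		}
		?>
	</ul>
<a href="<?php echo _CONST_BACKEND_URL ?>logout.php" class="r" style="margin:2px 10px"><span class="logout">Logout</span></a>
</div>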

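<div id="content">
	<ul id="submenu">
		<?php /* $action is always "add" or "edit" here (guarded at the top of the file), so "List" is never the current tab. */ ?>
		<li><a href="./" class="button"><span class="list">List</span></a></li>
		<li <?php echo iif($action == "add", 'class="current"') ?>><a href="user_edit.php?func=add" class="button"><span class="add">New</span></a></li>
		<?php if ($action == "edit") { ?>
			<li class="current"><a href="user_edit.php?func=edit&amp;user_id=<?php echo htmlspecialchars(rawurlencode((string)$user_id), ENT_QUOTES) ?>" class="button"><span class="edit">Edit</span></a></li>
		<?php } ?>
	</ul>
	<?php /* Session values are user-controlled at login time, so they are escaped like any other output. */ ?>
	<span style="margin:7px 10px 2px 50px;" class="l">Current User:<?php echo htmlspecialchars(isset($_SESSION['bname']) ? (string)$_SESSION['bname'] : '', ENT_QUOTES) ?>&nbsp;&nbsp;<?php echo gmdate('D M j, Y h:ia T', _CONST_TIMENOW) ?></span>

	<div class="cr"></div>
		<form action="user_edit.php?func=<?php echo htmlspecialchars($action, ENT_QUOTES) ?>" method="post" id="form" class="form border" name="form">
			<input type="hidden" name="do" value="do" />
			<?php if ($action == "edit") { ?>
				<input type="hidden" name="user_id" value="<?php echo htmlspecialchars((string)$user_id, ENT_QUOTES) ?>" />
			<?php } ?>
			<fieldset>
			<legend><span>User Information</span></legend>
			<ol>
				<li>
					<label for="name">User Name
						<em><img src="<?php echo _CONST_BACKEND_URL ?>media/required.gif" alt="required" /></em>
						<?php echo show_field_error('name') ?>
					</label>
					<input id="name" name="name" type="text" class="text" size="30" maxlength="150" value="<?php echo htmlspecialchars((string)$name, ENT_QUOTES) ?>" />
				</li>
				<li>
					<label for="pwd">Password
					<?php if ($action == "add") { ?>
					<em><img src="<?php echo _CONST_BACKEND_URL ?>media/required.gif" alt="required" /></em>
					<?php } ?>
					<?php echo show_field_error('pwd') ?>
					</label>
					<?php /* Never pre-filled: on edit an empty value means "keep the current password". */ ?>
					<input id="pwd" name="pwd" type="password" class="text" size="30" maxlength="150" value="" autocomplete="new-password" />
				</li>
				<li>
					<label for="email">Email
					<em><img src="<?php echo _CONST_BACKEND_URL ?>media/required.gif" alt="required" /></em>
						<?php echo show_field_error('email') ?>
					</label>
					<input id="email" name="email" type="text" class="text" size="30" maxlength="150" value="<?php echo htmlspecialchars((string)$email, ENT_QUOTES) ?>" />
				</li>
				<?php if ($action == "edit") { ?>
				<li>
					<label for="status">Status <?php echo show_field_error('status') ?></label>
					<ul>
					<li><input id="status" type="checkbox" name="status" <?php echo is_checked($status) ?> value="1"><label for="status">Lock</label></li>
					</ul>
				</li>
				<li>
					<label>Actived</label>
					<span class="<?php echo iif($actived, "accept", "delete") ?>">&nbsp;&nbsp;&nbsp;&nbsp;</span>
				</li>
				<li>
					<label>Avatar</label>
					<?php
					# The stored file name is reduced to its basename so the lookup stays inside
					# this user's avatar directory, and the resulting URL is escaped for the attribute.
					$avatar_file = basename((string)$avatar);
					$avatar_rel = 'avatar/'.$user_id."/1_".$avatar_file;
					if ($avatar_file !== '' && file_exists(_CONST_PIC_PATH.$avatar_rel)) {
						$avatar_src = _CONST_PIC_URL.$avatar_rel;
					} else {
						$avatar_src = _CONST_IMG_URL."avatar/1.jpg";
					}
					?>
					<img src="<?php echo htmlspecialchars($avatar_src, ENT_QUOTES) ?>" style="background-color:#fff;border:1px dotted #999;padding:1px;margin-top:10px;" />
				</li>
				<li>
					<label>Sex</label>
					<?php if ($sex == 0) { ?>无
					<?php } elseif ($sex == 1) { ?>男
					<?php } elseif ($sex == 2) { ?>女
					<?php } ?>
				</li>
				<?php /* Profile fields are user-supplied content from user_info; escaped before display. */ ?>
				<li>
					<label>Birthday</label>
					<?php echo htmlspecialchars((string)$birthday, ENT_QUOTES) ?>
				</li>
				<li>
					<label>Location</label>
					<?php echo htmlspecialchars((string)$location, ENT_QUOTES) ?>
				</li>
				<li>
					<label>Intro</label>
					<?php echo htmlspecialchars((string)$intro, ENT_QUOTES) ?>
				</li>
				<?php } ?>
			</ol>
			</fieldset>
			<fieldset class="submit">
				<?php if ($action == "add") { ?>
				<input type="submit" class="button" value="Insert" />
				<?php } else { ?>
				<input type="submit" class="button" value="Edit" />
				<?php } ?>
				<input type="button" value="Cancel" class="button" onclick="location.href='<?php echo _CONST_BACKEND_URL ?>user/index.php'"/>
			</fieldset>
		</form>
</div>
<?php
include_once("../layout/_footer.php");
?>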